Between April 27 and May 6, 2024, United Urology Group experienced a network breach that exposed the protected health information (PHI) of 10,704 individuals.
What happened
The national network of urology specialists, United Urology Group, detected unauthorized access to their network from April 27 to May 6, 2024. Following the detection of the breach, an investigation was conducted, concluding on July 15, 2024. The investigation revealed that a range of personal data, including Social Security numbers, financial details, and medical records, was removed from their network.
The organization started notifying affected individuals on August 14, 2024, providing information on steps to protect against potential misuse.
What was said
In the United Urology Group information security notice, the organization states, "The privacy and security of the personal information we maintain is of the utmost importance." They also detailed their actions to enhance security measures and prevent future breaches.
Furthermore, a response line was established for affected individuals at 833-251-9599, available Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Time.
Why it matters
HIPAA regulations require covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates to notify affected individuals within 60 days of discovering the breach.
United Urology Group adhered to this requirement, ensuring legal compliance and transparency. Ultimately, their timely breach notifications can help individuals protect themselves from identity theft and fraud.
The bottom line
Covered entities must improve their security measures to safeguard patients’ PHI and uphold HIPAA requirements. Prompt notifications help minimize the damage and further financial implications.
Go deeper: HIPAA breach deadlines healthcare organizations need to know
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Are there any costs associated with placing a fraud alert or credit freeze?
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.
